
Analyze Network Event Activity Data with Elasticsearch


Joe Abraham

2:32:40

  • 1. Course Overview.mp4
    02:13
  • 1. Analyze Network Event Activity Data with Elasticsearch.mp4
    05:16
  • 2. Demo - Network Technology Component Setup.mp4
    05:58
  • 3. Demo - Exploring the Network Event Data.mp4
    04:25
  • 4. Demo - Configuring Anomaly Detections.mp4
    05:52
  • 5. Demo - Configuring Basic Security Alerts.mp4
    04:35
  • 1. Discovering the Capabilities of NetFlow.mp4
    04:25
  • 2. Demo - Configuring NetFlow Collection.mp4
    04:46
  • 3. Demo - Exporting NetFlow From Network Devices.mp4
    05:09
  • 4. Additional NetFlow Configuration From Network Devices.mp4
    04:57
  • 5. Demo - Viewing NetFlow Visualizations in Kibana.mp4
    05:33
  • 6. Demo - Using NetFlow for Threat Detection.mp4
    08:42
  • 7. Using NetFlow in the Enterprise.mp4
    02:22
  • 1. Using IDS Telemetry for Threat Hunting.mp4
    03:19
  • 2. Demo - Exploring Zeeks Event Data.mp4
    08:12
  • 3. Demo - Exploring Zeeks Event Data.mp4
    06:58
  • 4. Demo - Identifying Adversary Techniques from IDS Telemetry.mp4
    06:12
  • 5. Demo - Identifying Adversary Techniques from IDS Telemetry.mp4
    07:16
  • 1. Discussing Application Anomalies.mp4
    03:56
  • 2.Exploring Application Data.mp4
    04:55
  • 3. Configuring Additional Application Data Context.mp4
    05:55
  • 4.Using Application Data for Threat Detection.mp4
    05:05
  • 5.Additional Threat Detection with Application Data.mp4
    07:31
  • 1. Discussing Event Correlation.mp4
    02:49
  • 2. Demo - Installing and Using Auditbeat.mp4
    05:02
  • 3. Demo - Correlating Auditbeat with Network Traffic.mp4
    07:54
  • 4. Demo - Correlating Network Events and Telemetry.mp4
    08:07
  • 5. Reviewing Network Event Analysis.mp4
    02:51
  • 6. Additional Resources for Network Event Analysis.mp4
    02:25
  • analyze-network-event-activity-data-elasticsearch.zip
  • Description


    As our infrastructures grow, the quality of our data from these devices is becoming critical to cyber operations. This course will teach you how to ingest and use network event and telemetry data for threat hunting operations.

    What You'll Learn?


      In today’s cybersecurity landscape, threats are everywhere. The quality of our telemetry and network event data is important to detecting, responding to, and mitigating those threats. Elasticsearch can help ease the burden of sifting through the large amounts of data that we collect. In this course, Analyze Network Event Activity Data with Elasticsearch, you’ll learn to ingest network event and telemetry data, and use it to find threats. First, you’ll explore how to ingest security device logs and NetFlow, and use them to find potential threats. Next, you’ll discover how to use application data to detect anomalies and interesting behavior. Finally, you’ll learn how to correlate the data between the various sources to identify threats. When you’re finished with this course, you’ll have the skills and knowledge of Elasticsearch needed to effectively use the data being collected for cyber operations.



    Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, assisting customers in developing and implementing functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications, including CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Having spent much of his experience helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 29
    • Duration: 2:32:40
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/28
